{"id":31701723,"url":"https://github.com/getlantern/http-proxy","last_synced_at":"2026-03-12T00:01:40.607Z","repository":{"id":236249364,"uuid":"45269507","full_name":"getlantern/http-proxy","owner":"getlantern","description":"HTTP/S Proxy for Lantern","archived":false,"fork":false,"pushed_at":"2026-03-11T18:14:50.000Z","size":17710,"stargazers_count":3,"open_issues_count":11,"forks_count":2,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-03-11T19:28:15.729Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getlantern.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-10-30T18:34:26.000Z","updated_at":"2026-02-24T06:44:02.000Z","dependencies_parsed_at":"2024-05-31T21:34:56.384Z","dependency_job_id":"ffe77809-5d1c-4384-8174-72cd1b89c1e9","html_url":"https://github.com/getlantern/http-proxy","commit_stats":null,"previous_names":["getlantern/http-proxy-lantern","getlantern/http-proxy","getlantern/http-proxy-extensions"],"tags_count":166,"template":false,"template_full_name":null,"purl":"pkg:github/getlantern/http-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fhttp-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fhttp-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fhttp-proxy/releases","manifests_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fhttp-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getlantern","download_url":"https://codeload.github.com/getlantern/http-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getlantern%2Fhttp-proxy/sbom","scorecard":{"id":424351,"data":{"date":"2025-08-11","repo":{"name":"github.com/getlantern/http-proxy","commit":"600d6d48963cd62fd188507773a64deacf66b31b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.6,"checks":[{"name":"Code-Review","score":4,"reason":"Found 4/10 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source 
repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/push.yml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/push_branch.yml:10","Warn: no topLevel permission defined: .github/workflows/go.yml:1","Warn: no topLevel permission defined: .github/workflows/push.yml:1","Warn: no topLevel permission defined: .github/workflows/push_branch.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: 
release artifact v0.0.20 not signed: https://api.github.com/repos/getlantern/http-proxy/releases/3272888","Warn: release artifact v0.0.19 not signed: https://api.github.com/repos/getlantern/http-proxy/releases/3216657","Warn: release artifact v0.0.18 not signed: https://api.github.com/repos/getlantern/http-proxy/releases/3160603","Warn: release artifact v0.0.17 not signed: https://api.github.com/repos/getlantern/http-proxy/releases/3099400","Warn: release artifact v0.0.20 does not have provenance: https://api.github.com/repos/getlantern/http-proxy/releases/3272888","Warn: release artifact v0.0.19 does not have provenance: https://api.github.com/repos/getlantern/http-proxy/releases/3216657","Warn: release artifact v0.0.18 does not have provenance: https://api.github.com/repos/getlantern/http-proxy/releases/3160603","Warn: release artifact v0.0.17 does not have provenance: https://api.github.com/repos/getlantern/http-proxy/releases/3099400"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/go.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push_branch.yml:13: update your workflow using 
https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push_branch.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push_branch.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push_branch.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push_branch.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push_branch.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push_branch.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push_branch.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push_branch.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/getlantern/http-proxy/push_branch.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:15","Warn: containerImage not pinned by hash: Dockerfile:18: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/push.yml:18"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily 
update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2025-3605 / GHSA-7vpp-9cxj-q8gv","Warn: Project is vulnerable to: GO-2024-2698 / GHSA-rhh4-rh7c-7r5v","Warn: Project is vulnerable to: GO-2025-3638 / GHSA-pmc3-p9hx-jq96","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2024-2978 / GHSA-xr7q-jx4m-x55m"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T01:56:20.201Z","repository_id":236249364,"created_at":"2025-08-19T01:56:20.202Z","updated_at":"2025-08-19T01:56:20.202Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30407761,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T22:36:59.286Z","status":"ssl_error","status_checked_at":"2026-03-11T22:36:57.544Z","response_time":84,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-08T21:07:50.194Z","updated_at":"2026-03-12T00:01:40.597Z","avatar_url":"https://github.com/getlantern.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HTTP/S Proxy with extensions for Lantern\n\n[![Go Actions Status](https://github.com/getlantern/http-proxy-lantern/actions/workflows/go.yml/badge.svg)](https://github.com/getlantern/http-proxy-lantern/actions)\n\nThese are Lantern-specific middleware components for the HTTP Proxy in Go:\n\n* A filter for access tokens\n\n* A filter for devices, based on their IDs\n\n* A filter for Pro users\n\n* A connection preprocessor to intercept bad requests and send custom responses\n\n* Custom responses for mimicking Apache in certain cases\n\n## Deploying\n\nAll pushes to the `main` branch are automatically deployed to production via CI in GitHub Actions.\n\nAll pushes to the `canary` branch are automatically deployed to the canary binary distribution URL for any proxies running the canary version.\n\nSee `.github/workflows/go.yml`, which uses the `make build` Makefile target **NOT THE LEGACY `make dist-on-docker`**.\n\n## Rolling back a Deployment\n\nThe http-proxy binary is distributed through S3 as [this object](https://s3.console.aws.amazon.com/s3/object/http-proxy?region=ap-northeast-1\u0026prefix=http-proxy). 
This object is versioned in S3, so if you need to roll back to a prior deployed version, you can simply delete the currently deployed version from [here](https://s3.console.aws.amazon.com/s3/object/http-proxy?region=ap-northeast-1\u0026prefix=http-proxy\u0026tab=versions).\n\n### Usage\n\nBuild it with `go build` or with `make build`.\n\nTo get a list of the command line options, run `http-proxy-lantern -help`.\n\n`config.ini.default` also has the list of options; make a copy (say, `config.ini`) and tweak it as you wish, then run the proxy with\n\n```\nhttp-proxy-lantern -config config.ini\n```\n\nTo regenerate `config.ini.default`, just run `http-proxy-lantern -dumpflags`.\n\nYou can find instructions for running http-proxy with WATER in [`docs/running-water.md`](./docs/running-water.md).\n\n### Testing with Lantern extensions and configuration\n\n### Run tests\n\n```\ngo test\n```\n\nUse this for verbose output:\n\n```\nTRACE=1 go test\n```\n\n### Manual testing\n\n*Keep in mind that cURL doesn't support tunneling through an HTTPS proxy, so if you use the -https option you have to use other tools for testing.*\n\nYou can run a local server with a set configuration (just a default ReflectToSite proxy as of this writing) with\n\n```\nmake local-proxy\n```\n\nNote that `make local-proxy` is really just an alias for `make local-rts` -- i.e. 
a ReflectToSite local proxy.\n\nYou can then copy the rts-proxies.yaml file to your Lantern config directory, as in:\n\n```\ncp ./rts/rts-proxies.yaml ~/Library/Application\\ Support/Lantern/proxies.yaml\n```\n\nRun a Lantern client accordingly from `lantern-desktop`, as in:\n\n```\n./lantern -readableconfig -stickyconfig\n```\n\nIf you're developing a new transport, you can also add new versions of those files for that transport as you're testing.\n\nYou have two options to test it: the Lantern client or [checkfallbacks](https://github.com/getlantern/checkfallbacks).\n\nKeep in mind that they will need to send some headers in order to avoid receiving 404 messages (the chained server response if you aren't providing them).\n\nCurrently, the only header you need to add is `X-Lantern-Device-Id`.\n\nIf you are using checkfallbacks, make sure that both the certificate and the token are correct. A 404 will be the reply otherwise. Running the server with `-debug` may help you troubleshoot those scenarios.\n\n### Handle config-server requests specially\n\n[To prevent spoofers from fetching Lantern config with fake client IP](https://github.com/getlantern/config-server/issues/4), we need to attach auth tokens to such requests. Both options below should be supplied. Once `http-proxy-lantern` receives a GET request to one of the `cfgsvrdomains`, it sets the `X-Lantern-Config-Auth-Token` header with the supplied `cfgsvrauthtoken`, and the `X-Lantern-Config-Client-IP` header with the IP address it sees.\n\n```\n  -cfgsvrauthtoken string\n        Token attached to config-server requests, not attaching if empty\n  -cfgsvrdomains string\n        Config-server domains on which to attach auth token, separated by comma\n```\n\n### When something bad happens\n\nWith option `-pprofaddr=localhost:6060`, you can always access lots of debug information from http://localhost:6060/debug/pprof. 
See https://golang.org/pkg/net/http/pprof/.\n\n***Be sure to only listen on localhost or private addresses for security reasons.***\n\n## Temporarily Deploying a Preview Binary to a Single Server\nSometimes it's useful to deploy a preview binary to a single server. This can\nbe done using either `deployTo.bash` or `onlyDeployTo.bash`. They do the same\nthing but `deployTo.bash` first runs `make dist` whereas `onlyDeployTo.bash`\ncopies the existing binary at dist/http-proxy.\n\n## Deploying a Custom Binary\nSometimes it's useful to deploy a custom binary to one or more tracks. This can\nbe done by running `make deploy-custom` and setting the environment variable\n`BINARY_NAME` to the desired binary name, e.g.\n`http-proxy-custom-hwh33-tlsmasq999`.\n\nTo deploy a track running the custom binary, add the `custom_proxy_binary` key\nto the track's pillar data, mapped to the name specified above. At the time of\nwriting, track pillar data is specified in the `track_pillars` structure in\nlantern-infrastructure/etc/current_production_track_config.py\n\nFor example:\n\n```\n    'etc-teleport': {\n        'custom_proxy_binary': 'http-proxy-custom-teleport-1',\n    },\n```\n\n### ssh config\nMost of our proxies have `servermasq` enabled on them.\nThis means that you cannot ssh directly into them. 
Instead you have to use a cloudmaster as a bastion jump host.\nYou can do this relatively straightforwardly by adding this to your `~/.ssh/config` file:\n```\nHost bastion\n  HostName CM_IP\n  ProxyCommand none\nHost *\n  User lantern\n  ProxyJump bastion\n```\nwhere you'd replace CM_IP with an actual cloudmaster IP (probably the one closest to you).\n\n\n### Deploy Preview\n```\n./onlyDeployTo.bash \u003cip address\u003e\n```\n\n### Revert to Production Binary\nOnce you're done checking out the preview, revert back to the production binary\nwith:\n\n```\n./revertToProductionBinary.bash \u003cip address\u003e\n```\n\n### Logs on Server\nTo view proxy logs on a given machine, run:\n\n```\njournalctl -e -u http-proxy\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetlantern%2Fhttp-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetlantern%2Fhttp-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetlantern%2Fhttp-proxy/lists"}